refactor(core): remove lease-based session locking mechanism

acmore · acmore · commit 1f8b74a77040 · 2026-03-06T22:20:05.000+08:00
diff --git a/docs/okdev-design.md b/docs/okdev-design.md
@@ -263,7 +263,6 @@ Ownership model:
 
 - `okdev down [--delete-pvc]`
   - stop session; default preserves PVC for continuity
-  - always releases the session Lease immediately for fast handoff/restart
   - supports `--dry-run` to preview deletions
 
 - `okdev prune [--dry-run]`
@@ -281,11 +280,6 @@ okdev approach:
 - Local machine stores only ephemeral client metadata.
 - Any machine with kube access and repo can run `okdev up --attach`.
 
-Optional lock modes:
-- `none`
-- `advisory` (warn if another active client)
-- `exclusive` (single active client lease with timeout)
-
 Ownership model:
 - Owner identity resolution: `--owner` flag -> `OKDEV_OWNER` -> local `USER`.
 - Sessions are labeled with `okdev.io/owner=<owner>`.
@@ -404,7 +398,7 @@ This guarantees isolation between projects while keeping shared cluster usage si
 ### Phase 2
 - improved sync engine with change detection and conflict handling
 - idle timeout and TTL pruning
-- advisory/exclusive lease mode
+- stricter owner-scoped access controls
 - richer status diagnostics
 
 ### Phase 3
diff --git a/internal/cli/common.go b/internal/cli/common.go
@@ -19,7 +19,6 @@ import (
 	"github.com/acmore/okdev/internal/session"
 )
 
-const sessionLeaseDuration = 2 * time.Minute
 const sessionHeartbeatInterval = 5 * time.Minute
 
 var invalidOwnerChars = regexp.MustCompile(`[^a-z0-9._-]`)
@@ -125,37 +124,6 @@ func runConnectWithClient(k *kube.Client, namespace, sessionName string, command
 	return connect.Run(ctx, k, namespace, podName(sessionName), command, tty, os.Stdin, os.Stdout, os.Stderr)
 }
 
-func ensureSessionLock(opts *Options, cfg *config.DevEnvironment, namespace, sessionName string, out io.Writer) error {
-	stopRenew, err := acquireSessionLockWithClient(newKubeClient(opts), cfg, namespace, sessionName, out)
-	if err != nil {
-		return err
-	}
-	stopRenew()
-	return nil
-}
-
-func acquireSessionLock(opts *Options, cfg *config.DevEnvironment, namespace, sessionName string, out io.Writer) (func(), error) {
-	return acquireSessionLockWithClient(newKubeClient(opts), cfg, namespace, sessionName, out)
-}
-
-func acquireSessionLockWithClient(k *kube.Client, cfg *config.DevEnvironment, namespace, sessionName string, out io.Writer) (func(), error) {
-	if cfg.Spec.Session.LockMode == "none" {
-		return func() {}, nil
-	}
-	holder := sessionHolderIdentity()
-	leaseName := "okdev-" + sessionName
-	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Second)
-	defer cancel()
-	res, err := k.AcquireLease(ctx, namespace, leaseName, holder, cfg.Spec.Session.LockMode, sessionLeaseDuration)
-	if err != nil {
-		return nil, err
-	}
-	if !res.Acquired && cfg.Spec.Session.LockMode == "advisory" {
-		fmt.Fprintf(out, "warning: session lock currently held by %s\n", res.CurrentHolder)
-	}
-	return func() {}, nil
-}
-
 func startSessionHeartbeat(opts *Options, namespace, sessionName string, out io.Writer, interval time.Duration) func() {
 	return startSessionHeartbeatWithClient(newKubeClient(opts), namespace, sessionName, out, interval)
 }
@@ -192,52 +160,19 @@ func startSessionMaintenance(opts *Options, cfg *config.DevEnvironment, namespac
 }
 
 func startSessionMaintenanceWithClient(k *kube.Client, cfg *config.DevEnvironment, namespace, sessionName string, out io.Writer, renewLock bool, emitHeartbeat bool) func() {
-	if !renewLock && !emitHeartbeat {
+	_ = cfg
+	_ = renewLock
+	if !emitHeartbeat {
 		return func() {}
 	}
-	holder := sessionHolderIdentity()
-	leaseName := "okdev-" + sessionName
 	pod := podName(sessionName)
 	ctx, cancel := context.WithCancel(context.Background())
 
 	go func() {
-		var renewTicker *time.Ticker
-		var renewCh <-chan time.Time
-		if renewLock && cfg.Spec.Session.LockMode != "none" {
-			renewTicker = time.NewTicker(sessionLeaseDuration / 2)
-			renewCh = renewTicker.C
-			defer renewTicker.Stop()
-		}
-		var heartbeatTicker *time.Ticker
-		var heartbeatCh <-chan time.Time
-		if emitHeartbeat {
-			heartbeatTicker = time.NewTicker(sessionHeartbeatInterval)
-			heartbeatCh = heartbeatTicker.C
-			defer heartbeatTicker.Stop()
-		}
-
-		doRenew := func() {
-			if !renewLock || cfg.Spec.Session.LockMode == "none" {
-				return
-			}
-			renewCtx, renewCancel := context.WithTimeout(context.Background(), 15*time.Second)
-			renewRes, renewErr := k.AcquireLease(renewCtx, namespace, leaseName, holder, cfg.Spec.Session.LockMode, sessionLeaseDuration)
-			renewCancel()
-			if renewErr != nil {
-				slog.Warn("session lock renewal failed", "namespace", namespace, "session", sessionName, "holder", holder, "error", renewErr)
-				fmt.Fprintf(out, "warning: failed to renew session lock: %v\n", renewErr)
-				return
-			}
-			if !renewRes.Acquired && cfg.Spec.Session.LockMode == "advisory" {
-				slog.Warn("session advisory lock not acquired on renewal", "namespace", namespace, "session", sessionName, "holder", holder, "current_holder", renewRes.CurrentHolder)
-				fmt.Fprintf(out, "warning: session lock now held by %s\n", renewRes.CurrentHolder)
-			}
-		}
+		heartbeatTicker := time.NewTicker(sessionHeartbeatInterval)
+		defer heartbeatTicker.Stop()
 
 		doHeartbeat := func() {
-			if !emitHeartbeat {
-				return
-			}
 			beatCtx, beatCancel := context.WithTimeout(context.Background(), 10*time.Second)
 			err := k.TouchPodActivity(beatCtx, namespace, pod)
 			beatCancel()
@@ -252,9 +187,7 @@ func startSessionMaintenanceWithClient(k *kube.Client, cfg *config.DevEnvironmen
 			select {
 			case <-ctx.Done():
 				return
-			case <-renewCh:
-				doRenew()
-			case <-heartbeatCh:
+			case <-heartbeatTicker.C:
 				doHeartbeat()
 			}
 		}
@@ -263,15 +196,6 @@ func startSessionMaintenanceWithClient(k *kube.Client, cfg *config.DevEnvironmen
 	return cancel
 }
 
-func sessionHolderIdentity() string {
-	user := currentOwner(nil)
-	host, err := os.Hostname()
-	if err != nil || host == "" {
-		host = "unknown-host"
-	}
-	return user + "@" + host
-}
-
 func currentOwner(opts *Options) string {
 	if opts != nil {
 		if v := normalizeOwner(opts.Owner); v != "" {
diff --git a/internal/cli/connect.go b/internal/cli/connect.go
@@ -27,11 +27,6 @@ func newConnectCmd(opts *Options) *cobra.Command {
 			if err := ensureSessionOwnership(opts, k, ns, sn, true); err != nil {
 				return err
 			}
-			stopRenew, err := acquireSessionLock(opts, cfg, ns, sn, cmd.OutOrStdout())
-			if err != nil {
-				return err
-			}
-			defer stopRenew()
 			stopMaintenance := startSessionMaintenance(opts, cfg, ns, sn, cmd.OutOrStdout(), true, true)
 			defer stopMaintenance()
 
diff --git a/internal/cli/down.go b/internal/cli/down.go
@@ -36,7 +36,6 @@ func newDownCmd(opts *Options) *cobra.Command {
 				} else if !deletePVC && cfg.Spec.Workspace.PVC.ClaimName == "" {
 					fmt.Fprintf(cmd.OutOrStdout(), "- would retain pvc/%s\n", pvcName(cfg, sn))
 				}
-				fmt.Fprintf(cmd.OutOrStdout(), "- would delete lease/%s\n", "okdev-"+sn)
 				return nil
 			}
 
@@ -48,9 +47,6 @@ func newDownCmd(opts *Options) *cobra.Command {
 					return fmt.Errorf("delete workspace pvc: %w", err)
 				}
 			}
-			if err := k.Delete(ctx, ns, "lease", "okdev-"+sn, true); err != nil {
-				return fmt.Errorf("delete session lease: %w", err)
-			}
 			fmt.Fprintf(cmd.OutOrStdout(), "Session stopped: %s\n", sn)
 			if !deletePVC && cfg.Spec.Workspace.PVC.ClaimName == "" {
 				fmt.Fprintf(cmd.OutOrStdout(), "Workspace PVC retained: %s (use --delete-pvc to remove)\n", pvcName(cfg, sn))
diff --git a/internal/cli/ports.go b/internal/cli/ports.go
@@ -28,11 +28,6 @@ func newPortsCmd(opts *Options) *cobra.Command {
 			if err := ensureSessionOwnership(opts, k, ns, sn, true); err != nil {
 				return err
 			}
-			stopRenew, err := acquireSessionLock(opts, cfg, ns, sn, cmd.OutOrStdout())
-			if err != nil {
-				return err
-			}
-			defer stopRenew()
 			stopMaintenance := startSessionMaintenance(opts, cfg, ns, sn, cmd.OutOrStdout(), true, true)
 			defer stopMaintenance()
 			if len(cfg.Spec.Ports) == 0 {
diff --git a/internal/cli/ssh.go b/internal/cli/ssh.go
@@ -39,11 +39,6 @@ func newSSHCmd(opts *Options) *cobra.Command {
 			if err := ensureSessionOwnership(opts, k, ns, sn, true); err != nil {
 				return err
 			}
-			stopRenew, err := acquireSessionLock(opts, cfg, ns, sn, cmd.OutOrStdout())
-			if err != nil {
-				return err
-			}
-			defer stopRenew()
 			stopMaintenance := startSessionMaintenance(opts, cfg, ns, sn, cmd.OutOrStdout(), true, true)
 			defer stopMaintenance()
 
diff --git a/internal/cli/status.go b/internal/cli/status.go
@@ -48,33 +48,27 @@ func newStatusCmd(opts *Options) *cobra.Command {
 			})
 			if opts.Output == "json" {
 				type statusRow struct {
-					Session    string `json:"session"`
-					Owner      string `json:"owner"`
-					Pod        string `json:"pod"`
-					Phase      string `json:"phase"`
-					Age        string `json:"age"`
-					Ready      string `json:"ready"`
-					Restarts   int32  `json:"restarts"`
-					Reason     string `json:"reason"`
-					LockHolder string `json:"lockHolder,omitempty"`
+					Session  string `json:"session"`
+					Owner    string `json:"owner"`
+					Pod      string `json:"pod"`
+					Phase    string `json:"phase"`
+					Age      string `json:"age"`
+					Ready    string `json:"ready"`
+					Restarts int32  `json:"restarts"`
+					Reason   string `json:"reason"`
 				}
 				rows := make([]statusRow, 0, len(pods))
 				for _, p := range pods {
 					sn := p.Labels["okdev.io/session"]
-					lockHolder, err := k.LeaseHolder(ctx, p.Namespace, "okdev-"+sn)
-					if err != nil {
-						return err
-					}
 					rows = append(rows, statusRow{
-						Session:    sn,
-						Owner:      p.Labels["okdev.io/owner"],
-						Pod:        p.Name,
-						Phase:      p.Phase,
-						Age:        age(p.CreatedAt),
-						Ready:      p.Ready,
-						Restarts:   p.Restarts,
-						Reason:     p.Reason,
-						LockHolder: lockHolder,
+						Session:  sn,
+						Owner:    p.Labels["okdev.io/owner"],
+						Pod:      p.Name,
+						Phase:    p.Phase,
+						Age:      age(p.CreatedAt),
+						Ready:    p.Ready,
+						Restarts: p.Restarts,
+						Reason:   p.Reason,
 					})
 				}
 				return outputJSON(cmd.OutOrStdout(), rows)
@@ -83,13 +77,6 @@ func newStatusCmd(opts *Options) *cobra.Command {
 			rows := make([][]string, 0, len(pods))
 			for _, p := range pods {
 				sn := p.Labels["okdev.io/session"]
-				lockHolder, err := k.LeaseHolder(ctx, p.Namespace, "okdev-"+sn)
-				if err != nil {
-					return err
-				}
-				if lockHolder == "" {
-					lockHolder = "-"
-				}
 				rows = append(rows, []string{
 					sn,
 					p.Labels["okdev.io/owner"],
@@ -98,11 +85,10 @@ func newStatusCmd(opts *Options) *cobra.Command {
 					p.Ready,
 					fmt.Sprintf("%d", p.Restarts),
 					p.Reason,
-					lockHolder,
 					age(p.CreatedAt),
 				})
 			}
-			output.PrintTable(cmd.OutOrStdout(), []string{"SESSION", "OWNER", "POD", "PHASE", "READY", "RESTARTS", "REASON", "LOCK", "AGE"}, rows)
+			output.PrintTable(cmd.OutOrStdout(), []string{"SESSION", "OWNER", "POD", "PHASE", "READY", "RESTARTS", "REASON", "AGE"}, rows)
 			return nil
 		},
 	}
diff --git a/internal/cli/sync.go b/internal/cli/sync.go
@@ -68,11 +68,6 @@ func newSyncCmd(opts *Options) *cobra.Command {
 				}
 				return nil
 			}
-			stopRenew, err := acquireSessionLock(opts, cfg, ns, sn, cmd.OutOrStdout())
-			if err != nil {
-				return err
-			}
-			defer stopRenew()
 			stopMaintenance := startSessionMaintenance(opts, cfg, ns, sn, cmd.OutOrStdout(), renewLock, renewLock)
 			defer stopMaintenance()
 
diff --git a/internal/cli/up.go b/internal/cli/up.go
@@ -56,11 +56,6 @@ func newUpCmd(opts *Options) *cobra.Command {
 				}
 				return nil
 			}
-			stopRenew, err := acquireSessionLockWithClient(k, cfg, ns, sn, cmd.OutOrStdout())
-			if err != nil {
-				return err
-			}
-			defer stopRenew()
 			if err := ensureSessionOwnership(opts, k, ns, sn, true); err != nil {
 				return err
 			}
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -41,7 +41,6 @@ type SessionSpec struct {
 	TTLHours            int    `yaml:"ttlHours"`
 	IdleTimeoutMinutes  int    `yaml:"idleTimeoutMinutes"`
 	Shareable           bool   `yaml:"shareable"`
-	LockMode            string `yaml:"lockMode"`
 }
 
 type Workspace struct {
@@ -119,9 +118,6 @@ func (d *DevEnvironment) SetDefaults() {
 	if d.Spec.SSH.LocalPort == 0 {
 		d.Spec.SSH.LocalPort = 2222
 	}
-	if d.Spec.Session.LockMode == "" {
-		d.Spec.Session.LockMode = "none"
-	}
 }
 
 func (d *DevEnvironment) Validate() error {
@@ -149,9 +145,6 @@ func (d *DevEnvironment) Validate() error {
 	if d.Spec.Sync.Engine != "native" && d.Spec.Sync.Engine != "syncthing" {
 		return fmt.Errorf("spec.sync.engine must be native or syncthing, got %q", d.Spec.Sync.Engine)
 	}
-	if d.Spec.Session.LockMode != "none" && d.Spec.Session.LockMode != "advisory" && d.Spec.Session.LockMode != "exclusive" {
-		return fmt.Errorf("spec.session.lockMode must be none|advisory|exclusive, got %q", d.Spec.Session.LockMode)
-	}
 	if d.Spec.Session.TTLHours < 0 {
 		return errors.New("spec.session.ttlHours must be >= 0")
 	}
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
@@ -10,7 +10,7 @@ func validConfig() *DevEnvironment {
 		Spec: DevEnvSpec{
 			Workspace: Workspace{MountPath: "/workspace"},
 			Sync:      SyncSpec{Engine: "native"},
-			Session:   SessionSpec{LockMode: "none"},
+			Session:   SessionSpec{},
 		},
 	}
 }
@@ -38,9 +38,6 @@ func TestSetDefaults(t *testing.T) {
 	if cfg.Spec.SSH.User != "root" || cfg.Spec.SSH.RemotePort != 22 || cfg.Spec.SSH.LocalPort != 2222 {
 		t.Fatalf("ssh defaults not set: %+v", cfg.Spec.SSH)
 	}
-	if cfg.Spec.Session.LockMode != "none" {
-		t.Fatalf("lockMode default not set: %q", cfg.Spec.Session.LockMode)
-	}
 }
 
 func TestValidateRejectsInvalidEngine(t *testing.T) {
@@ -51,14 +48,6 @@ func TestValidateRejectsInvalidEngine(t *testing.T) {
 	}
 }
 
-func TestValidateRejectsInvalidLockMode(t *testing.T) {
-	cfg := validConfig()
-	cfg.Spec.Session.LockMode = "bad"
-	if err := cfg.Validate(); err == nil {
-		t.Fatal("expected validation error")
-	}
-}
-
 func TestValidateRejectsNegativeTTL(t *testing.T) {
 	cfg := validConfig()
 	cfg.Spec.Session.TTLHours = -1
diff --git a/internal/config/template.go b/internal/config/template.go
diff --git a/internal/kube/client.go b/internal/kube/client.go

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,6 @@ func newDownCmd(opts Options) cobra.Command {`
`36`	`36`	`} else if !deletePVC && cfg.Spec.Workspace.PVC.ClaimName == "" {`
`37`	`37`	`fmt.Fprintf(cmd.OutOrStdout(), "- would retain pvc/%s\n", pvcName(cfg, sn))`
`38`	`38`	`}`
`39`		`- fmt.Fprintf(cmd.OutOrStdout(), "- would delete lease/%s\n", "okdev-"+sn)`
`40`	`39`	`return nil`
`41`	`40`	`}`
`42`	`41`
`@@ -48,9 +47,6 @@ func newDownCmd(opts Options) cobra.Command {`
`48`	`47`	`return fmt.Errorf("delete workspace pvc: %w", err)`
`49`	`48`	`}`
`50`	`49`	`}`
`51`		`- if err := k.Delete(ctx, ns, "lease", "okdev-"+sn, true); err != nil {`
`52`		`- return fmt.Errorf("delete session lease: %w", err)`
`53`		`- }`
`54`	`50`	`fmt.Fprintf(cmd.OutOrStdout(), "Session stopped: %s\n", sn)`
`55`	`51`	`if !deletePVC && cfg.Spec.Workspace.PVC.ClaimName == "" {`
`56`	`52`	`fmt.Fprintf(cmd.OutOrStdout(), "Workspace PVC retained: %s (use --delete-pvc to remove)\n", pvcName(cfg, sn))`
Original file line number	Diff line number	Diff line change
`@@ -68,11 +68,6 @@ func newSyncCmd(opts Options) cobra.Command {`
`68`	`68`	`}`
`69`	`69`	`return nil`
`70`	`70`	`}`
`71`		`- stopRenew, err := acquireSessionLock(opts, cfg, ns, sn, cmd.OutOrStdout())`
`72`		`- if err != nil {`
`73`		`- return err`
`74`		`- }`
`75`		`- defer stopRenew()`
`76`	`71`	`stopMaintenance := startSessionMaintenance(opts, cfg, ns, sn, cmd.OutOrStdout(), renewLock, renewLock)`
`77`	`72`	`defer stopMaintenance()`
`78`	`73`
Original file line number	Diff line number	Diff line change
`@@ -56,11 +56,6 @@ func newUpCmd(opts Options) cobra.Command {`
`56`	`56`	`}`
`57`	`57`	`return nil`
`58`	`58`	`}`
`59`		`- stopRenew, err := acquireSessionLockWithClient(k, cfg, ns, sn, cmd.OutOrStdout())`
`60`		`- if err != nil {`
`61`		`- return err`
`62`		`- }`
`63`		`- defer stopRenew()`
`64`	`59`	`if err := ensureSessionOwnership(opts, k, ns, sn, true); err != nil {`
`65`	`60`	`return err`
`66`	`61`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,6 @@ type SessionSpec struct {`
`41`	`41`	TTLHours int `yaml:"ttlHours"`
`42`	`42`	IdleTimeoutMinutes int `yaml:"idleTimeoutMinutes"`
`43`	`43`	Shareable bool `yaml:"shareable"`
`44`		- LockMode string `yaml:"lockMode"`
`45`	`44`	`}`
`46`	`45`
`47`	`46`	`type Workspace struct {`
`@@ -119,9 +118,6 @@ func (d *DevEnvironment) SetDefaults() {`
`119`	`118`	`if d.Spec.SSH.LocalPort == 0 {`
`120`	`119`	`d.Spec.SSH.LocalPort = 2222`
`121`	`120`	`}`
`122`		`- if d.Spec.Session.LockMode == "" {`
`123`		`- d.Spec.Session.LockMode = "none"`
`124`		`- }`
`125`	`121`	`}`
`126`	`122`
`127`	`123`	`func (d *DevEnvironment) Validate() error {`
`@@ -149,9 +145,6 @@ func (d *DevEnvironment) Validate() error {`
`149`	`145`	`if d.Spec.Sync.Engine != "native" && d.Spec.Sync.Engine != "syncthing" {`
`150`	`146`	`return fmt.Errorf("spec.sync.engine must be native or syncthing, got %q", d.Spec.Sync.Engine)`
`151`	`147`	`}`
`152`		`- if d.Spec.Session.LockMode != "none" && d.Spec.Session.LockMode != "advisory" && d.Spec.Session.LockMode != "exclusive" {`
`153`		`- return fmt.Errorf("spec.session.lockMode must be none\|advisory\|exclusive, got %q", d.Spec.Session.LockMode)`
`154`		`- }`
`155`	`148`	`if d.Spec.Session.TTLHours < 0 {`
`156`	`149`	`return errors.New("spec.session.ttlHours must be >= 0")`
`157`	`150`	`}`